updatetask.exe

This is part of various InstallCore adware bundles and is designed to run daily and maintain the current state of the installed product(s) offeres (mostly unwanted adware) by connecting to a remote server for configuration instructions. The application updatetask.exe has been detected as adware by 10 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. Additionally, the file is typically installed by a number of programs including FLV Player by PROXUS Media Group and Update for FLV Player by installCore.
MD5:
1d915d5e8e564b00c2ac53be2805eb0b

SHA-1:
fd0663f63f87b7b5b310ec6ce26e72af58243084

SHA-256:
65b8ee9d33a0033fd9670ac8559d1ec513c1886a52294de4ca44f735b8b2c298

Scanner detections:
10 / 68

Status:
Adware

Explanation:
The update task for the InstallCore download manager.

Analysis date:
12/25/2024 1:34:17 PM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.DealPly
4.0.3.14213

Boost by Reason
Optional.K
188432

ESET NOD32
Win32/DealPly (variant)
8.9416

Fortinet FortiGate
Riskware/DealPly
3/3/2014

K7 AntiVirus
Trojan
13.176.11322

McAfee
RDN/Generic PUP.x!bt3
5600.7202

Reason Heuristics
PUP.UpdateProc.K
14.3.3.16

Trend Micro House Call
ADW_DOWNWARE
7.2.62

Trend Micro
ADW_DOWNWARE
10.465.03

VIPRE Antivirus
Trojan.Win32.Generic
27040

File size:
110.5 KB (113,152 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\digitalsites\updateproc\updatetask.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:pzP0T9OP6Phw2Jt2+dEQ52GN3f6pYH5LGGRp+++++++++++++++++++++++++++P:pYTYPymyiONipYZH7TW

Entry address:
0x15BC8

Entry point:
55, 8B, EC, 83, C4, F0, B8, 70, 5B, 41, 00, E8, FC, EF, FE, FF, 33, C0, 55, 68, E7, 5C, 41, 00, 64, FF, 30, 64, 89, 20, E8, F9, CA, FE, FF, 85, C0, 0F, 8E, C0, 00, 00, 00, B8, 6C, 7C, 41, 00, BA, FC, 5C, 41, 00, E8, 2A, DF, FE, FF, 83, 3D, 6C, 7C, 41, 00, 00, 75, 0F, B8, 6C, 7C, 41, 00, BA, 0C, 5D, 41, 00, E8, 1E, E1, FE, FF, B8, 6C, 7C, 41, 00, 8B, 0D, 6C, 7C, 41, 00, BA, 1C, 5D, 41, 00, E8, 4D, E1, FE, FF, 83, 3D, 6C, 7C, 41, 00, 00, 75, 0F, B8, 6C, 7C, 41, 00, BA, 2C, 5D, 41, 00, E8, F1, E0, FE, FF, B8...
 
[+]

Entropy:
6.4119

Code size:
83.5 KB (85,504 bytes)

2 Scheduled Tasks
Task name:
Digital Sites

Trigger:
Daily (Runs daily at 23:49)

Action:
updatetask.exe \check

Task name:
At6

Path:
C:\WINDOWS\Tasks\At6.job

Trigger:
Daily (Runs daily at 12.57)

Action:
updatetask.exe \check

Description:
Creato da NetScheduleJobAdd.


The file updatetask.exe has been discovered within the following programs.

FLV Player  by PROXUS Media Group
Publisher's description - “If you ever wanted to add video to your projects or websites, there is no easier way than using pre-built Flash video components. Our player is one of the most feature loaded components on the market and it was specifically designed to suit developer and designers needs.”
www.proxynetworks.com
About 1% of users remove it
Update for FLV Player  by installCore
83% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to bits-lb.eqiad.wikimedia.org  (208.80.154.234:80)

TCP (HTTP):
Connects to ec2-54-197-227-159.compute-1.amazonaws.com  (54.197.227.159:80)

TCP (HTTP):
Connects to bits-lb.esams.wikimedia.org  (91.198.174.202:80)

TCP (HTTP):
Connects to ec2-54-243-134-193.compute-1.amazonaws.com  (54.243.134.193:80)

TCP (HTTP):
Connects to ec2-50-16-201-92.compute-1.amazonaws.com  (50.16.201.92:80)

TCP (HTTP):
Connects to ec2-23-23-137-245.compute-1.amazonaws.com  (23.23.137.245:80)

TCP (HTTP):
Connects to ec2-23-21-92-35.compute-1.amazonaws.com  (23.21.92.35:80)

TCP (HTTP):
Connects to ec2-107-21-203-130.compute-1.amazonaws.com  (107.21.203.130:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.8.121:80)

TCP (HTTP SSL):
Connects to geoip-zlb.vips.scl3.mozilla.com  (63.245.215.82:443)

TCP (HTTP):
Connects to ec2-54-243-159-209.compute-1.amazonaws.com  (54.243.159.209:80)

TCP (HTTP):
Connects to ec2-54-225-201-98.compute-1.amazonaws.com  (54.225.201.98:80)

TCP (HTTP):
Connects to ec2-23-21-95-213.compute-1.amazonaws.com  (23.21.95.213:80)

TCP (HTTP):
Connects to ec2-184-73-153-23.compute-1.amazonaws.com  (184.73.153.23:80)

TCP (HTTP):
Connects to ec2-107-21-93-207.compute-1.amazonaws.com  (107.21.93.207:80)

TCP (HTTP):
Connects to ec2-107-21-230-190.compute-1.amazonaws.com  (107.21.230.190:80)

TCP (HTTP):
Connects to ec2-107-21-126-171.compute-1.amazonaws.com  (107.21.126.171:80)

TCP (HTTP):
Connects to 193-124-232-198.static.unitasglobal.net  (198.232.124.193:80)

Remove updatetask.exe - Powered by Reason Core Security